RT-N66U DNS Filter

Since 3.68 I have had an issue with DNS-based Filtering.
I run my traffic through OpenDNS with the DNS-servers set to 208.67.220.220 and 208.67.222.222.
The Global Filter mode is set to "No Filtering", and I have selected "OpenDNS Home" for the devices I want to use the filter. All good so far, it works.

The problem is that all other devices get caught in the same filter. If I don't add these devices to the list, it filters them. And even if I add these devices to the list and select either "No filtering" or "Router", it doesn't matter. They all get caught in the OpenDNS-filter.

In the last couple of weeks it stopped filtering these devices a couple of times, but then just seemingly randomly jumped into filtering again.

No, no user scripts or non-standards. And yes, the filtering seems to happen in some random long intervals. It can work for a day or two, and then filter every device for weeks now.

I just can't seem to get past it, even though I let the "Router" setting be applied.
At the moment I'm still filtered, even though I turned DNS-based filtering OFF! (Browser cookies and cache are wiped clean.)

Is there such a thing as a router cache that needs to be wiped as well?

The only thing I can suggest is that having enabled Telnet or SSH access to the router you log into it and issue the following from the command line. If you post the results here we might be able to see what's happening.

I can't see anything wrong there. I see one device (A4:71:74:F5:F1:8C) directed to 208.67.222.222. And two devices (00:26:C6:B6:0A:72 & 78:F8:82:9E:CD:DB) explicitly ignoring DNS Filter. All the other devices will default to ignoring the DNS Filter.

Check the DNS configuration on your devices themselves, make sure they are set to DHCP and not with a static DNS.


But shouldn't DNS Filter intercept the DNS requests even if this was the case?

One very strange thing: in the first iptables-save that was posted with the filter active, the DNSFILTER chain got no hits (the count was [0:0]). Are you sure you don't have another device on the network with an address conflict with the router?

I got occupied elsewhere (obviously), but I thought I would finish this thread for future reference.

As Merlin advised, I double-checked the devices' configs, but there were no static DNS settings, only DHCP.

And there are no devices with conflicting addresses, as suggested by john9527.

I could not find the problem, and I haven't changed any settings. But since updating to the new firmware, the error is gone. Haven't read the changelog to know if that is the reason. But it works, and I try to not fix what isn't broken.

Nice settings, I do the same at home, but I was thinking of the reverse mode of this: maybe selecting only my devices to stay in the NO FILTERING list and leaving all the rest of the devices, or whoever connects to the router, using the GLOBAL FILTERING mode (NORTON SAFE).

I think it is easier to exclude us from the list than to include each one of the clients that we want to pass through a DNS filter. Using the reverse mode will save a lot of time and effort, because if someone new comes to your home and connects to your wifi router, the MAC and IP will automatically go into the DNS filter / Norton and your devices will always be free of all. I hope Merlin does something about it in the future.

I don't understand what you are wanting Merlin to do. What you describe can already be done with DNS Filter.


Yah, but you have to manually add each one of the devices that you want to pass through the custom DNS filter. What I want to do is include my desk, laptop and cellphone in the DNS filter / NOTHING and leave the GLOBAL filtering option enabled with the CUSTOM ONE / Norton Safe enabled. This way each one of the devices on my wifi will be passing into the DNS FILTER and my devices will stay out of it using the NO FILTERING option, got it? =]


No, sorry. I'm still not getting it.

You want every device to use Norton Safe, except your desktop, laptop and phone which you don't want any filtering.